Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2401	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux KernelにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-23442	2026-04-27 11:24	2026-04-3	Show	GitHub Exploit DB Packet Storm

2402	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux KernelにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-23443	2026-04-27 11:24	2026-04-3	Show	GitHub Exploit DB Packet Storm

2403	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける有効期限後のメモリの解放の欠如に関する脆弱性	CWE-401 有効期限後のメモリの解放の欠如	CVE-2026-23444	2026-04-27 11:24	2026-04-3	Show	GitHub Exploit DB Packet Storm

2404	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける不特定の脆弱性	CWE-noinfo 情報不足	CVE-2026-23445	2026-04-27 11:24	2026-04-3	Show	GitHub Exploit DB Packet Storm

2405	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける不特定の脆弱性	CWE-noinfo 情報不足	CVE-2026-23446	2026-04-27 11:23	2026-04-3	Show	GitHub Exploit DB Packet Storm

2406	7.8	重要 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける配列インデックスの検証に関する脆弱性	CWE-129 配列インデックスの不適切な検証	CVE-2026-23447	2026-04-27 11:23	2026-04-3	Show	GitHub Exploit DB Packet Storm

2407	4.8	警告 Network	OctoberCMS	October	OctoberCMSのOctoberにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25133	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

2408	8.1	重要 Network	OpenMage	Magento	OpenMageのMagentoにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-25524	2026-04-27 11:23	2026-04-20	Show	GitHub Exploit DB Packet Storm

2409	4.9	警告 Network	OpenMage	Magento	OpenMageのMagentoにおける複数の脆弱性	CWE-184 CWE-22	CVE-2026-25525	2026-04-27 11:23	2026-04-20	Show	GitHub Exploit DB Packet Storm

2410	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows Server Update Services (WSUS) の特権の昇格の脆弱性	CWE-362 CWE-416	CVE-2026-26174	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
681	9.1	CRITICAL Network	-	-	sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's… New	CWE-200 CWE-522 Information Exposure Insufficiently Protected Credentials	CVE-2026-45091	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

682	6.8	MEDIUM Network	-	-	WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … New	CWE-79 Cross-site Scripting	CVE-2026-45026	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

683	5.8	MEDIUM Network	-	-	Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A… New	CWE-352 Origin Validation Error	CVE-2026-44695	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

684	-		-	-	Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) logi… New	CWE-362 Race Condition	CVE-2026-43930	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

685	-		-	-	pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:… New	CWE-125 CWE-191 Out-of-bounds Read Integer Underflow (Wrap or Wraparound)	CVE-2026-43916	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

686	7.3	HIGH Network	-	-	Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is … New	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2026-43914	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

687	8.7	HIGH Network	-	-	Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as grou… New	CWE-285 Improper Authorization	CVE-2026-43912	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

688	0.0	NONE Network	-	-	WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload.php, the application respo… New	CWE-200 Information Exposure	CVE-2026-42873	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

689	10.0	CRITICAL Network	-	-	SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value i… New	CWE-287 CWE-522 CWE-798 Improper Authentication Insufficiently Protected Credentials Use of Hard-coded Credentials	CVE-2026-42869	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

690	8.3	HIGH Network	-	-	pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … New	CWE-441 CWE-863 CWE-918 Confused Deputy Incorrect Authorization Server-Side Request Forgery (SSRF)	CVE-2026-42313	2026-05-12 23:17	2026-05-12	Show	GitHub Exploit DB Packet Storm